How to search and look up in the FortiGate Internet Service Database (ISDB)

Just a quick note on how to search and look up entries in the FortiGate Internet Service Database (ISDB), for later reference.

Search for a service:

FortiGate80D # get system status | grep Version
Version: FortiGate-80D v6.2.2,build1010,191008 (GA)

FortiGate80D # diagnose internet-service id | grep -i microsoft
ID: 327681 name: "Microsoft-Web"
ID: 327682 name: "Microsoft-ICMP"
ID: 327683 name: "Microsoft-DNS"
ID: 327684 name: "Microsoft-Outbound_Email"
ID: 327686 name: "Microsoft-SSH"
ID: 327687 name: "Microsoft-FTP"
ID: 327688 name: "Microsoft-NTP"
ID: 327689 name: "Microsoft-Inbound_Email"
ID: 327694 name: "Microsoft-LDAP"
ID: 327695 name: "Microsoft-NetBIOS.Session.Service"
ID: 327696 name: "Microsoft-RTMP"
ID: 327704 name: "Microsoft-NetBIOS.Name.Service"
ID: 327680 name: "Microsoft-Other"
ID: 327781 name: "Microsoft-Skype"
ID: 327782 name: "Microsoft-Office365"
ID: 327786 name: "Microsoft-Azure"
ID: 327788 name: "Microsoft-Bing.Bot"
ID: 327791 name: "Microsoft-Outlook"
ID: 327793 name: "Microsoft-Microsoft.Update"
ID: 327837 name: "Microsoft-Dynamics"
ID: 327839 name: "Microsoft-WNS"
ID: 327880 name: "Microsoft-Office365.Published"

Look up a specific service:

FortiGate80D # diagnose internet-service id 327782
….
23.3.100.221-23.3.100.221 geo_id(16369) black list(0x0) proto(6) port(80 443)
23.6.221.146-23.6.221.146 geo_id(4234) black list(0x0) proto(6) port(80 443)
23.9.181.221-23.9.181.221 geo_id(28064) black list(0x0) proto(6) port(80 443)
23.11.221.187-23.11.221.187 geo_id(15477) black list(0x0) proto(6) port(80 443)
23.13.221.27-23.13.221.27 geo_id(11282) black list(0x0) proto(6) port(80 443)
23.49.221.73-23.49.221.73 geo_id(19448) black list(0x0) proto(6) port(80 443)
23.50.153.221-23.50.153.221 geo_id(1388) black list(0x0) proto(6) port(80 443)
23.55.221.74-23.55.221.74 geo_id(32103) black list(0x0) proto(6) port(80 443)
….

Look up a specific IP:

FortiGate80D # diagnose internet-service match root 23.11.221.187 255.255.255.255
Internet Service: 327782(Microsoft-Office365), matched num: 2
Internet Service: 327681(Microsoft-Web), matched num: 4
Internet Service: 327682(Microsoft-ICMP), matched num: 1
Internet Service: 327683(Microsoft-DNS), matched num: 2
Internet Service: 327684(Microsoft-Outbound_Email), matched num: 4
Internet Service: 327686(Microsoft-SSH), matched num: 1
Internet Service: 327687(Microsoft-FTP), matched num: 2
Internet Service: 327688(Microsoft-NTP), matched num: 2
Internet Service: 327689(Microsoft-Inbound_Email), matched num: 4
Internet Service: 327694(Microsoft-LDAP), matched num: 4
Internet Service: 327695(Microsoft-NetBIOS.Session.Service), matched num: 2
Internet Service: 327696(Microsoft-RTMP), matched num: 2
Internet Service: 327704(Microsoft-NetBIOS.Name.Service), matched num: 1
Internet Service: 327680(Microsoft-Other), matched num: 2
Internet Service: 7929993(Akamai-CDN), matched num: 1

Look up a specific network by adjusting the network mask:

FortiGate80D # diagnose internet-service match root 23.11.221.0 255.255.255.0
Internet Service: 327782(Microsoft-Office365), matched num: 2
Internet Service: 196723(Apple-App.Store), matched num: 2
Internet Service: 196609(Apple-Web), matched num: 8
Internet Service: 196610(Apple-ICMP), matched num: 2
Internet Service: 196611(Apple-DNS), matched num: 4
Internet Service: 196612(Apple-Outbound_Email), matched num: 8
Internet Service: 196614(Apple-SSH), matched num: 2
Internet Service: 196615(Apple-FTP), matched num: 4
Internet Service: 196616(Apple-NTP), matched num: 4
Internet Service: 196617(Apple-Inbound_Email), matched num: 8
Internet Service: 196622(Apple-LDAP), matched num: 8
Internet Service: 196623(Apple-NetBIOS.Session.Service), matched num: 4
Internet Service: 196624(Apple-RTMP), matched num: 4
Internet Service: 196632(Apple-NetBIOS.Name.Service), matched num: 2
Internet Service: 196608(Apple-Other), matched num: 4
Internet Service: 1376257(McAfee-Web), matched num: 4
Internet Service: 1376258(McAfee-ICMP), matched num: 1
Internet Service: 1376259(McAfee-DNS), matched num: 2
Internet Service: 1376260(McAfee-Outbound_Email), matched num: 4
Internet Service: 1376262(McAfee-SSH), matched num: 1
Internet Service: 1376263(McAfee-FTP), matched num: 2
Internet Service: 1376264(McAfee-NTP), matched num: 2
Internet Service: 1376265(McAfee-Inbound_Email), matched num: 4
Internet Service: 1376270(McAfee-LDAP), matched num: 4
Internet Service: 1376271(McAfee-NetBIOS.Session.Service), matched num: 2
Internet Service: 1376272(McAfee-RTMP), matched num: 2
Internet Service: 1376280(McAfee-NetBIOS.Name.Service), matched num: 1
Internet Service: 1376256(McAfee-Other), matched num: 2
Internet Service: 327681(Microsoft-Web), matched num: 4
Internet Service: 327682(Microsoft-ICMP), matched num: 1
Internet Service: 327683(Microsoft-DNS), matched num: 2
Internet Service: 327684(Microsoft-Outbound_Email), matched num: 4
Internet Service: 327686(Microsoft-SSH), matched num: 1
Internet Service: 327687(Microsoft-FTP), matched num: 2
Internet Service: 327688(Microsoft-NTP), matched num: 2
Internet Service: 327689(Microsoft-Inbound_Email), matched num: 4
Internet Service: 327694(Microsoft-LDAP), matched num: 4
Internet Service: 327695(Microsoft-NetBIOS.Session.Service), matched num: 2
Internet Service: 327696(Microsoft-RTMP), matched num: 2
Internet Service: 327704(Microsoft-NetBIOS.Name.Service), matched num: 1
Internet Service: 327680(Microsoft-Other), matched num: 2
Internet Service: 7929993(Akamai-CDN), matched num: 256
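
Added example (not from the original post or from Fortinet): a small Python parser for the `diagnose internet-service match` output shown above. It groups the matched services by the name prefix before the first hyphen and lists the prefixes that appear only once the mask is widened from a single host to the /24. The function names and the prefix-as-vendor grouping are assumptions made for illustration, and the sample text is a constructed subset of the output above.

```python
import re
from collections import defaultdict

# One line of `diagnose internet-service match` output, as shown on this page.
LINE_RE = re.compile(r"^Internet Service:\s*(\d+)\((.+)\),\s*matched num:\s*(\d+)\s*$")

def parse_match_output(text):
    """Return {service_id: (name, matched_num)} for every service line."""
    services = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # prompts, blank lines and other text are skipped
            services[int(m.group(1))] = (m.group(2), int(m.group(3)))
    return services

def by_vendor(services):
    """Group service names by the part before the first '-' (assumed vendor prefix)."""
    groups = defaultdict(list)
    for name, _num in services.values():
        groups[name.split("-", 1)[0]].append(name)
    return dict(groups)

def added_by_wider_mask(host_out, net_out):
    """Vendor prefixes that match the network lookup but not the single-host lookup."""
    host = by_vendor(parse_match_output(host_out))
    net = by_vendor(parse_match_output(net_out))
    return sorted(set(net) - set(host))

# Constructed samples: a few lines copied from the two lookups above.
HOST_SAMPLE = """\
FortiGate80D # diagnose internet-service match root 23.11.221.187 255.255.255.255
Internet Service: 327782(Microsoft-Office365), matched num: 2
Internet Service: 327681(Microsoft-Web), matched num: 4
Internet Service: 7929993(Akamai-CDN), matched num: 1
"""
NET_SAMPLE = """\
FortiGate80D # diagnose internet-service match root 23.11.221.0 255.255.255.0
Internet Service: 327782(Microsoft-Office365), matched num: 2
Internet Service: 196609(Apple-Web), matched num: 8
Internet Service: 1376257(McAfee-Web), matched num: 4
Internet Service: 327681(Microsoft-Web), matched num: 4
Internet Service: 7929993(Akamai-CDN), matched num: 256
"""

if __name__ == "__main__":
    print(by_vendor(parse_match_output(HOST_SAMPLE)))
    print(added_by_wider_mask(HOST_SAMPLE, NET_SAMPLE))
```

In the output above, the single host 23.11.221.187 already matches both Microsoft and Akamai-CDN entries, so a policy that references one ISDB object can cover addresses that other objects also list.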

Resources:
Technical Tip: How to search ISDB using IP address (https://kb.fortinet.com/kb/documentLink.do?externalID=FD46122)
Technical Note: Internet Service Database – List of services, IP ranges, ports and protocols (https://kb.fortinet.com/kb/documentLink.do?externalID=FD40491)
